Open
Description
Sprint #5 Considerations:
Note: We don't have to let an admin edit a user's application
- Login that stores user password not in plain text (hash and salt passwords)
- Might be good to let admin see the user side (in case the admin needs to troubleshoot what happens with a user)
- Check what the website looks like on mobile
- Make sure that user A can only see and work on user A applications
  - $_SESSION['UID']
- Admin should see everything (all applications) and be able to edit the same application (the application that a user has added in)
- Should a user be able to delete themselves?
- Should an admin be able to remove themselves as an admin?
  - Maybe they shouldn't? So you need an admin to remove you? That way, there always has to be at least one admin.
- User should be able to change their own password
- Optional: A user should be able to see if an admin has made a change
- Make sure a user can't access another user's applications/data
- Optional: Password recovery?
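
The salted-hash login and the "user A can only see user A applications" items, sketched together as an added example that is not part of the original issue or the project's code. The table and column names, the `IS_ADMIN` session key and the function names are assumptions; only `$_SESSION['UID']` comes from the issue, and the sketch passes the session in as an array so it runs from the command line with an in-memory SQLite database.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Table/column names and the IS_ADMIN key
// are assumptions; only $_SESSION['UID'] is from the issue. Needs pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, owner_uid INTEGER, title TEXT)');

function register(PDO $db, string $email, string $password): int {
    // password_hash() generates a random salt and stores it inside the hash string.
    $stmt = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $db->lastInsertId();
}

function login(PDO $db, string $email, string $password): ?array {
    $stmt = $db->prepare('SELECT uid, pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    // In the web app: session_regenerate_id(true); then copy these into $_SESSION.
    return ['UID' => (int) $row['uid'], 'IS_ADMIN' => false];
}

function get_application(PDO $db, array $session, int $appId): ?array {
    // The owner filter comes from the server-side session, never from request input.
    if (!empty($session['IS_ADMIN'])) {
        $stmt = $db->prepare('SELECT * FROM applications WHERE id = ?');
        $stmt->execute([$appId]);
    } else {
        $stmt = $db->prepare('SELECT * FROM applications WHERE id = ? AND owner_uid = ?');
        $stmt->execute([$appId, $session['UID']]);
    }
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample data: two users, one application owned by user B.
$a = register($db, 'a@example.test', 'correct horse');
$b = register($db, 'b@example.test', 'battery staple');
$db->prepare('INSERT INTO applications (owner_uid, title) VALUES (?, ?)')
   ->execute([$b, "B's application"]);
$sessionA = login($db, 'a@example.test', 'correct horse');
var_dump(login($db, 'a@example.test', 'wrong') === null);               // wrong password
var_dump(get_application($db, $sessionA, 1) === null);                  // A asks for B's row
var_dump(get_application($db, ['UID' => $b, 'IS_ADMIN' => false], 1)['title']); // owner
var_dump(get_application($db, ['UID' => 99, 'IS_ADMIN' => true], 1) !== null);  // admin
```

The same `AND owner_uid = ?` condition belongs on every UPDATE and DELETE against the applications table, not only on the read path.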